This action might not be possible to undo. Are you sure you want to continue?
com, June 2010
11 - Project Risk Management
Project Management Training
Project Risk Management
Monitoring & Controlling Processes Planning Processes
Enter phase/ Start project
Exit phase/ End project
Process Initiating Planning
Plan Risk Management Identify Risk Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Plan Risk Response
Monitoring & Contol
Monitor and Control Risks
Project Risk Management
• Risk is an uncertain event or condition that, if occurs, has an effect on at least one project objective. • Risk management objectives:
– increase the probability and impact of positive events (opportunities). – decrease the probability and impact of negative events (threat).
• Terms & concepts:
– – – – Uncertainty: a lack of knowledge about an event that reduces confidence Risk averse: someone who does not want to take risks. Risk tolerances: area of risk that are acceptable/unacceptable. Risk thresholds: the point at which a risk become unacceptable • Remember that in this area there is no activity in executing process group
Expected timing (when) in the project life cycle 4. The anticipated frequency of risk event (how often) . The range of possible outcome (impact) 3.Project Risk Management Risk factors 1. The probability that it will occur 2.
Schedule management plan 4. Planning meetings and analysis Outputs 1. Project scope statement 2. Cost management plan 3. Communication management plan 5. Organizational process assets Tools & Techniques 1. Risk management plan .11.1 Plan Risk Management • The process of defining how to conduct risk management activities for a project. Inputs 1. Enterprise environmental factors 6.
• 2 Main type of Risk – Business – Risk of gain or loss – Pure (insurable) risk – Only a risk of loss (i. type. – Companies and PMO should have standard list of risk categories to help identify risk. and visibility of risk management are commensurate – Provide sufficient resource and time for risk management activities – Establish an agreed-upon basis for evaluating risk • Risk Categories – A standard list of risk categories can help to make sure areas of risk are not forgotten. theft. fire. personal injury.e.Plan Risk Management • Importance of Risk Management Planning – Ensure that the degree. etc) • Sources of risk = risk categories • Risk categories may be structured into Risk Breakdown Structure (RBS) .
May includes: Methodology Roles & responsibilities Budgeting Timing Risk categories. Definition of probability and impact Stakeholder tolerances Reporting formats Tracking Probability and impact matrix (?) .Risk Management Plan • • • Risk management plan describe how risk management will be structured and performed on the project. Subset of project management plan.
Inputs 1. 8. 7.8. 4. 9. 3. selecting a seller. 4. 6. 6. and awarding a contract. Project management plan Procurement documents Source selection criteria Qualified seller list Seller proposals Project documents Make-or-buy decisions Teaming agreements Organizational process assets Tools & Techniques 1. Documentation reviews 2. 7. 5. techniques Checklist analysis Assumptions analysis Diagramming techniques SWOT analysis Expert judgment Q: Who should be involved in risk identification? A: EVERYONE . Risk register 2. 3. Information gathering Outputs 1.2 Identify Risk • The process of obtaining seller responses. 5.
– Interviewing: interviewing experts. SWOT analysis – Strengths. experienced PM – Root cause analysis: Reorganizing the identified risk by their root cause may help identify more risks • • • Checklist analysis: checklist developed based on accumulated historical information from previous similar project Assumption analysis: identify risk from inaccuracy. facilitator use questionnaire. when working with resources. Threats . Help reduce bias in the data and prevent influence each others. consensus may be reached in a few rounds. inconsistency. • Information gathering techniques – Brainstorming – Delphi technique: Expert participate anonymously. instability. Weaknesses. when dealing with issues. stakeholders. Opportunities. incompleteness.Identify Risk • Risk should be continually reassessed (iterative) such as in integrated change control activity.
Influence diagrams Described in Quality Management – show the casual influences among project variables.Diagramming techniques • • • Cause and effect diagrams (fish-bone diagram) System or process flow charts. – excellent for displaying a decision’s structure Risk Register • After Indentify Risk process the output is initial entries into the risk register. It includes: List of risk List of POTENTIAL responses Root causes of risks Updated risk categories . the timing or time ordering of events. and the relationships among other project variables and their outcomes.
Probability and impact matrix 3. Risk data quality assessment 4. Risk register Risk management plan Project scope statement Organizational process assets Tools & Techniques 1. Inputs 1. Expert judgment Outputs 1.3 Perform Qualitative Risk Analysis • The process of prioritizing risks for further analysis of action by assessing and combining their probability of occurrence and impact. 4. 2. Risk urgency assessment 6.11. Risk probability and impact assessment 2. Risk register updates . 3. Risk categorization 5.
Qualitative Risk Analysis • • • Help to focus on high priority risks A subjective analysis Analysis using… – – – – – Relative probability or likelihood of occurrence Impact on project objective Time frame response Organization’s risk tolerance Etc. continued or terminated. • Can be also used to: – Compare risk to the overall risk of other projects – Determine whether the project should be selected. – Determine whether to proceed to Perform Quantitative Risk Analysis .
time.Probability Impact Matrix • • Different matrices can be used for cost. scope It helps guide risk responses (priority action & response strategies) Colors shows level of importance No 1 2 Category Resource Schedule Description of Risk Testing environment not available Documentation approval took longer time IMPACT 4 4 PROBA BILITY B A RISK LEVEL ORANGE RED .
decreasing or staying the same – Cause of risk requiring particular attention .e. Risk Register. PM should know if risk is increasing. which include: – – – – – – Relative ranking/priority Risk grouped by categories List of risk requiring additional analysis in the near term List of risk for additional analysis and response Watch-list (non-critical or non-top risks) Trends Since risk analysis process is iterative.Risk Register Updates • Update/add additional information to previous output i.
Data gathering and representation techniques 2. Inputs 1. Risk register Risk management plan Cost management plan Project scope statement Organizational process assets Tools & Techniques 1.4 Perform Quantitative Risk Analysis • The process of numerically analyzing the effect of identified risks on overall project objectives. Quantitative risk analysis and modeling techniques 3. Expert judgment Outputs 1. 3. 2.11. 4. this process may be skipped. Risk register updates If not necessary. 5. .
– Determine overall project risk (risk exposure). . – Determine the quantified probability of meeting project objectives. – Identify risks requiring the most attention. – Determine cost and schedule reserves. or scope targets. – Create realistic and achievable cost. Purpose of this process – Determine which risk events warrant a response. schedule.Quantitative Risk Analysis • • • Is a numerical evaluation (more objective) This process may be skipped.
Quantitative Risk Analysis: Tools & Techniques • Determining Quantitative Probability and Impact might be done by: – – – – – – – – – Interviewing Cost and time estimating Delphi technique Use of historical records from previous projects Expert judgment Sensitivity analysis – tornado diagram Expected monetary value (EMV) analysis Decision tree Monte Carlo analysis (simulation) .
Decision Tree and EMV EVM (Probabili ty) (Impact) • • EVM used with Decision Tree to choose between many alternative which take into account the future events Example: Example Source: .
Sensitivity Analysis • To determine which risks have the most potential impact to the project • Changing one or more elements/variables and set other elements to its baseline then see the impact. • One typical display of sensitivity analysis is the tornado diagram .
e. project cost. with confidence level – The quantified probability of meeting project objectives – Trends . which include: – Prioritize list of quantified risks – Amount of contingency time and cost reserve needed – Possible realistic and achievable completion dates. Risk Register.Risk Register Updates • Update/add additional information to previous output i.
Risk register updates 2. 2. Project management plan updates 4. 4.11.5 Plan Risk Response • The process of developing option and action to enhance opportunities and to reduce threats to project objectives. Strategies for negative risks or threats 2. 5. Strategies for positive risks or opportunities 3. Project document updates . Inputs 1. 3. Expert judgment Outputs 1. Risk register Risk management plan Cost management plan Project scope statement Organizational process assets Tools & Techniques 1. Contingent response strategies 4. Risk-related contract decisions 3.
Plan Risk Responses/Mitigation • • • • • Do something to eliminate threats before they happens Do something to make sure the opportunities happens Decrease the probability and/or impact of threats Increase the probability and/or impact of opportunities For the remaining (residual) threats that cannot be eliminated: – Do something if the risk happens (contingency plan). – Do something if contingency plan not effective (fallback plan) .
. Allocate) – Shift some or all the negative impact of a threat to a third party Mitigate – Implies a reduction in the probability and/or impact of an adverse risk event to be within acceptable threshold limits Accept – Deal with the risks – Project management plan is not changed • • • Transferring a risk will leave some risk behind.Strategies for Threats • Avoid – Eliminate the threat entirely – Isolate project objectives from the risk’s impact Transfer (Deflect.
Accept – Not actively pursuing an opportunity • • .Strategies for Opportunities • • Exploit – Seek to ensure the opportunities definitely happen Share – Allocate some or all of the ownership of the opportunity to a third party who is best able to capture the opportunity for the project benefit. Enhance – Increase the probability and/or the positive impacts of an opportunity.
Risk reassessment 2.6 Monitor & Control Risk • The process of . and evaluating risk process effectiveness throughout the project. Project management plan 3. Project document updates . – – – – – implementing risk response plans. Work performance information 4. Organizational process assets updates 3. Performance report Tools & Techniques 1. Variance and trend analysis 4. Risk register updates 2. Project management plan updates 5. tracking identified risks. Technical performance measurement 5. Change requests 4. Inputs 1. Risk audits 3. Risk register 2.11. identifying new risks. Status meetings Outputs 1. monitoring residual risks. Reserve analysis 6..
Risk Monitoring & Controlling • Other purposes are to determines if – – – – Project assumptions are still valid Risk has changed or can be retired Risk management policy & procedure are being followed Align contingency reserves with current risk assessment .
BACKUP SLIDES .
Important Terms • • Mutual Exclusive: if two events cannot both occur in a single trial Probability: something will occur • • • • Normal Distribution: common probability density distribution chart Statistical independence: the probability of one event occurring does not affect the probability of another event occurring Standard deviation (or Sigma): how far you are from the mean 3 or 6 sigma – Represent the level of quality has decided to try to achieve – 6σ is higher quality standard than 3σ – Used to calculate the upper and lower control limits in a control chart Number of σ Percentage of occurrences between two control limits 1 2 3 6 68.26% 95.99985% .64% 99.73% 99.
PMI © 2009.281 . p.Example: Definition of Risk Probability and Impact • • • This should be defined in Risk Management Plan Required for Perform Qualitative Risk Analysis Can reduce the influence of bias Image Source: PMBOK Guide 4th Edition.
p. PMI © 2009.Example: Risk Breakdown Structure (RBS) • • Showing risk categorization Help to ensure a comprehensive process of systematically identifying risk to a consistent level of detail Image Source: PMBOK Guide 4th Edition.281 .
Burton . Lloyd R. Dr.Example: Influence Diagram • Diagramming technique used when Identify Risk Decision Node ValueNode Test Survey Usage decision Economic Value Chance event Node Human Exposure Cancer Risk Net Value Cancer Cost Carcinogenic potential Image Source: Influence Diagram & Decision Trees. Lecture slide MHA 6350.
Next topic: Project Procurement Management Thank You .
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.